WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to th

from [Keir Fraser] [Permanent Link][Original]
To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest
From: Keir Fraser <keir.fraser@xxxxxxxxxxxxx>
Date: Thu, 18 Dec 2008 17:21:10 +0000
Cc:
Delivery-date: Thu, 18 Dec 2008 09:21:31 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20081218155306.GV23277@xxxxxxxxxx>
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AclhNQTkJZcLtJDvHE+FHpHYPJ9/DQ==
Thread-topic: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest
User-agent: Microsoft-Entourage/12.14.0.081024 
On 18/12/2008 15:53, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:

> Explicitly give Dom0 permissions on the /local/domain/$DOMID so it
> becomes the owner of the path. The guest is then granted read perm
> on the path.

Thanks Daniel, that's a nasty one!

However there are other places in xend that commit the same error, and this
interface weakness would doubtless bite us again in future. Hence the patch
I actually committed (c/s 18933) actually takes a different strategy: in the
bowels of the xend xenstore C package I check to see if the caller is try to
change permissions of the node owner, and if so I fudge in dom0 as the owner
instead. A bit grim, but I think probably a safer bet in this instance.

What do you think of it? If it seems okay I will backport and will have to
do new RCs of 3.2.3 and 3.3.1.

 Thanks again,
 Keir



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-devel] Testing candidate 3.3.1-rc3, Boris Derzhavets
Next by Date:  Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest, Daniel P. Berrange
Previous by Thread:  [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest, Daniel P. Berrange
Next by Thread:  Re: [Xen-devel] PATCH: Actually make /local/domain/$DOMID readonly to the guest, Daniel P. Berrange
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy